Blacklisted - Dedicated Server Please Help!

My dedicated server which I have 18 accounts on has been hacked and has recently been sending out spam. My server company claims that they have received in excess of 2000 complaints from my IP range so I need help.

What's the best way for me to trace the account which is sending the spam?

How did the bugger get in and pick on my server?

What can I do to best protect this from going on again?

Legal Option against the person that did it, is that possible or rather likely?

Oh and any other assistance any of you guys can offer me, I'm stressed to hell with this, the server company actually disconnected me and are saying if it happens again they will do it for good!

The first thing typically recommended is ensuring your server hasn't become an open relay (there are some threads on how to determine this). Secondly, ensure you are not letting user nobody send emails (in Tweak Settings). If you are - first, go to WHM -> Software -> Apache Update and recompile PHP with SuPHP and enable SuExec support. This will force scripts to run as the user - eliminating the need to let user nobody send mail. Now disable user nobody. Now, you will be able to see what user is sending what emails from their scripts.

There are many more suggestions that have been posted around these forums - but those are the basics.
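
An added example, not part of either post above: once scripts run as the account owner, each locally submitted message in the mail log carries the Unix user that queued it, so a per-user tally points at the account to investigate. It assumes the server's MTA is Exim (the cPanel default) with the standard main log arrival-line format (`<=`, `U=`, `P=local`); the sample lines and account names are constructed.

```python
import re
from collections import Counter

# Constructed sample in Exim main log format (not taken from a real server).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AAA-0001aB-01 <= alice@example.test U=alice P=local S=812
2024-05-01 10:00:02 1s1AAB-0001aC-02 <= nobody@host.example.test U=nobody P=local S=2048
2024-05-01 10:00:03 1s1AAC-0001aD-03 <= bob@example.test U=bob P=local S=1990
2024-05-01 10:00:03 1s1AAC-0001aD-03 => victim@example.org R=lookuphost T=remote_smtp
2024-05-01 10:00:04 1s1AAD-0001aE-04 <= bob@example.test U=bob P=local S=1991
2024-05-01 10:00:05 1s1AAE-0001aF-05 <= remote@example.org H=mail.example.org [192.0.2.10] P=esmtp S=900
2024-05-01 10:00:06 1s1AAF-0001aG-06 <= nobody@host.example.test U=nobody P=local S=2050
2024-05-01 10:00:07 1s1AAG-0001aH-07 <= bob@example.test U=bob P=local S=1989
"""

# Arrival lines ("<=") for mail queued on the box itself carry U=<unix user>
# and P=local. Inbound SMTP lines have H=/P=esmtp instead and are skipped.
ARRIVAL = re.compile(
    r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?\bU=(?P<user>\S+) P=local\b"
)

def local_senders(log_text):
    """Count locally submitted messages per Unix user (the U= field)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ARRIVAL.match(line)
        if match:
            counts[match.group("user")] += 1
    return counts

def report(counts, threshold):
    """Return (user, count, note) rows at or above threshold, busiest first."""
    rows = []
    for user, n in counts.most_common():
        if n < threshold:
            continue
        # Mail queued as "nobody" cannot be tied to one hosting account.
        note = ("unattributable: scripts still run as shared user"
                if user == "nobody" else "account to investigate")
        rows.append((user, n, note))
    return rows

if __name__ == "__main__":
    for user, n, note in report(local_senders(SAMPLE_LOG), threshold=2):
        print(f"{user:10} {n:5}  {note}")
```

On a live server, pass the contents of the Exim main log instead of `SAMPLE_LOG` and raise the threshold to suit normal volume.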